Systems and methods for gesture-based interaction with computer systems

ABSTRACT

The present disclosure facilitates gesture-based interaction with a computer-system. The method may comprise pairing a transaction account with a likeness, receiving the likeness and a transaction request based upon the location of a marker in three dimensional space, retrieving the transaction account paired with the likeness, and approving the transaction request at least partially based upon the transaction account and the likeness.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, claims priority to and the benefit of, U.S. Ser. No. 13/168,072 filed on Jun. 24, 2011 and entitled “SYSTEMS AND METHODS FOR GESTURE-BASED INTERACTION WITH COMPUTER SYSTEMS,” which is incorporated by reference herein in its entirety.

BACKGROUND

1. Field

The present disclosure generally relates to facilitating gesture-based interaction with computer systems.

2. Related Art

Two main techniques for interacting with one's personal computer currently exist. Namely, (1) via one's keyboard, and (2) via one's mouse. This is the state of the art, despite the availability of a variety of other potential sources of interaction. For example, most modern personal computers (not to mention automatic teller machines (ATMs), kiosks, etc.) are equipped with cameras able to record live video. Personal computers, for example, are increasingly equipped with web-cams.

However, where computers are equipped with such devices, they are mainly included for the purposes of facilitating secure login and enabling video conferencing (e.g., via Skype™). Of course, infrared (e.g., Nintendo Wii®) and image based (e.g., Microsoft Kinect®) devices exist. However, such devices are, at present, intended for use with video games. More importantly, such systems are not intended, and do not, facilitate secure gesture-based interaction in a virtual environment. Rather, existing devices merely translate the motions of an object (e.g., a Wii® controller or a human body) into the virtual space. These motions are not translated into the virtual space securely, nor are such systems helpful in authenticating a user to the virtual space.

Therefore, what is needed is a system that permits a more robust interaction with a personal computing device, that is, a system that broadens human-computer interaction beyond the constraints imposed by keyboard and mouse. This system should facilitate a secure connection to the virtual space.

SUMMARY

The present disclosure includes a system, method, and article for facilitating gesture-based interaction with a computer-system. The method may comprise pairing a transaction account with a likeness, receiving the likeness and a transaction request based upon the location of a marker in three dimensional space, retrieving the transaction account paired with the likeness, and approving the transaction request based upon the transaction account and the likeness.

The marker may comprise at least one of: a transaction instrument and a mobile communication device. The mobile communication device may display at least one of: an image of a transaction instrument, a transaction account identifier, a QR code, and a bar code. The system may also pair a marker with the transaction account, and/or pair at least one of: a personal identification number (PIN), a digital signature, and a secret gesture with the transaction account. The system may approve the transaction request based upon the transaction account and one of: a personal identification number (PIN), a digital signature, and a secret gesture.

The system may also receive data associated with a digital scan of a likeness; and transmit an offer to a client based upon the data. In an embodiment, the system may receive at least one of a secret gesture, a digital signature, and a personal identification number (PIN); and transmit an offer to a client based upon the at least one of the secret gesture, the digital signature, and the PIN.

BRIEF DESCRIPTION OF THE DRAWINGS

The features and advantages of the present disclosure will become more apparent from the detailed description set forth below when taken in conjunction with the drawings, wherein like numbers refer to like elements.

FIG. 1 shows an exemplary system diagram, in accordance with an embodiment.

FIG. 2 shows a flowchart depicting an exemplary method for pairing in gesture-based systems, in accordance with an embodiment.

FIG. 3 shows a flowchart depicting an exemplary method for interacting with gesture-based systems, in accordance with an embodiment.

FIG. 4 shows a flowchart depicting an exemplary method for making a purchase using gesture-based systems, in accordance with an embodiment.

FIG. 5 shows a flowchart depicting an exemplary method for displaying offers using gesture-based systems, in accordance with an embodiment.

FIG. 6 shows a flowchart depicting an exemplary method for populating an online form using gesture-based systems, in accordance with an embodiment.

DETAILED DESCRIPTION

The detailed description of exemplary embodiments herein makes reference to the accompanying drawings, which show the exemplary embodiments by way of illustration and their best mode. While these exemplary embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, it should be understood that other embodiments may be realized and that logical and mechanical changes may be made without departing from the spirit and scope of the invention. Thus, the detailed description herein is presented for purposes of illustration only and not of limitation. For example, the steps recited in any of the method or process descriptions may be executed in any order and are not limited to the order presented. Moreover, any of the functions or steps may be outsourced to or performed by one or more third parties. Furthermore, any reference to singular includes plural embodiments, and any reference to more than one component may include a singular embodiment. As used herein, terms similar to “match” may include a full or partial match, or a match based on certain rules or criteria.

Phrases and terms similar to “financial institution,” “transaction account issuer,” and “payment processor” may include any person, entity, software and/or hardware that offers transaction account services. Although often referred to as a “financial institution,” the financial institution may represent any type of bank, lender or other type of account issuing institution, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions. It is further noted that other participants may be involved in some phases of the transaction, such as an intermediary settlement institution.

Phrases and terms similar to “business”, “merchant”, “supplier” or “seller” may be used interchangeably with each other and shall mean any person, entity, distributor system, software and/or hardware that is a provider, broker and/or any other entity in the distribution chain of goods or services and/or that receives payment or other consideration. For example, a merchant may be a grocery store, a retail store, a travel agency, a service provider, an on-line merchant or the like. For example, a supplier may request payment for goods sold to a buyer who holds an account with a transaction account issuer.

The terms “payment vehicle,” “financial transaction instrument,” “transaction instrument,” “transaction account product” and/or the plural form of these terms may be used interchangeably throughout to refer to a financial instrument. As used herein, an account code may or may not be associated with a physical financial instrument.

Phrases and terms similar to a “buyer,” “consumer,” and “user” may include any person, entity, software and/or hardware that receives items in exchange for consideration (e.g. financial payment). For example, a buyer may purchase, lease, rent, barter or otherwise obtain items from a supplier and pay the supplier using a transaction account.

Phrases and terms similar to an “item” may include any good, service, information, experience, reward, points, coupons, credits, monetary equivalent, anything of value, something of minimal or no value, etc.

As used herein, a biometric may include a user's voice, fingerprint, facial, ear, signature, vascular patterns, DNA sampling, hand geometry, sound, olfactory, keystroke/typing, iris, retinal or any other biometric relating to recognition based upon any body part, function, system, attribute and/or other characteristic, or any portion thereof.

Phrases or terms similar to a “processor” (such as a payment processor) may include a company (e.g., a third party) appointed (e.g., by a merchant) to handle transactions for merchant banks. Processors may be broken down into two types: front-end and back-end. Front-end processors have connections to various transaction accounts and supply authorization and settlement services to the merchant banks' merchants. Back-end processors accept settlements from front-end processors and, via The Federal Reserve Bank, move money from an issuing bank to the merchant bank. In an operation that will usually take a few seconds, the payment processor will both check the details received by forwarding the details to the respective account's issuing bank or card association for verification, and may carry out a series of anti-fraud measures against the transaction. Additional parameters, including the account's country of issue and its previous payment history, may be used to gauge the probability of the transaction being approved. In response to the payment processor receiving confirmation that the transaction account details have been verified, the information may be relayed back to the merchant, who will then complete the payment transaction. In response to the verification being denied, the payment processor relays the information to the merchant, who may then decline the transaction.

Phrases or terms similar to a “payment gateway,” “gateway,” or “mobile gateway” may include an application service provider that authorizes payments for e-businesses, online retailers, and/or traditional brick and mortar merchants. A payment gateway may protect transaction account details by encrypting sensitive information, such as transaction account numbers, to ensure that information passes securely between the customer and the merchant and also between merchant and payment processor.

As used herein, “transmit” may include sending electronic data from one system component to another over a network connection. Additionally, as used herein, “data” may include encompassing information such as commands, queries, files, data for storage, and the like in digital or any other form.

Phrases or terms similar to “transaction account” may include any account that may be used to facilitate a financial transaction. A “transaction account” as used herein refers to an account associated with an open account or a closed account system (as described herein). The transaction account may exist in a physical or non-physical embodiment. For example, a transaction account may be distributed in non-physical embodiments such as an account number, frequent-flyer account, and telephone calling account or the like. Furthermore, a physical embodiment of a transaction account may be distributed as a financial instrument.

In general, transaction accounts may be used for transactions between the user and merchant through any suitable communication means, such as, for example, a telephone network, intranet, the global, public Internet, a point of interaction device (e.g., a point of sale (POS) device, personal digital assistant (PDA), mobile telephone, kiosk, etc.), online communications, off-line communications, wireless communications, and/or the like.

An “account”, “account code”, or “account number”, as used herein, may include any device, code, number, letter, symbol, digital certificate, smart chip, digital signal, analog signal, biometric or other identifier/indicia suitably configured to allow the consumer to access, interact with or communicate with the system (e.g., one or more of an authorization/access code, personal identification number (PIN), Internet code, other identification code, and/or the like). The account number may optionally be located on or associated with a rewards card, charge card, credit card, debit card, prepaid card, telephone card, embossed card, smart card, magnetic stripe card, bar code card, transponder, radio frequency card or an associated account. The system may include or interface with any of the foregoing cards or devices, or a transponder and RFID reader in RF communication with the transponder (which may include a fob). Typical devices may include, for example, a key ring, tag, card, cell phone, wristwatch or any such form capable of being presented for interrogation. Moreover, the system, computing unit or device discussed herein may include a “pervasive computing device,” which may include a traditionally non-computerized device that is embedded with a computing unit. Examples can include watches, Internet enabled kitchen appliances, restaurant tables embedded with RF readers, wallets or purses with imbedded transponders, etc.

The account code may be distributed and stored in any form of plastic, electronic, magnetic, radio frequency, wireless, audio and/or optical device capable of transmitting or downloading data from itself to a second device. A customer account code may be, for example, a sixteen-digit transaction account code, although each transaction account provider has its own numbering system, such as the fifteen-digit numbering system used by American Express. Each company's transaction account codes comply with that company's standardized format such that the company using a fifteen-digit format will generally use three-spaced sets of numbers, as represented by the number “0000 000000 00000”. The first five to seven digits are reserved for processing purposes and identify the issuing bank, card type, etc. In this example, the last (fifteenth) digit is used as a sum check for the fifteen digit number. The intermediary eight-to-eleven digits are used to uniquely identify the customer. A merchant account code may be, for example, any number or alpha-numeric characters that identify a particular merchant for purposes of card acceptance, account reconciliation, reporting, or the like.

It should be noted that the transfer of information in accordance with the present disclosure, may be completed in a format recognizable by a merchant system or account issuer. In that regard, by way of example, the information may be transmitted from an RFID device to an RFID reader or from the RFID reader to the merchant system in magnetic stripe or multi-track magnetic stripe format.

With reference to FIG. 1, system 100 implements a gesture-based method. System 100 may include a camera 102, a client 104, a server system 106, and a network 108. System 100 may include a variety of other components, including for example, one or more mobile gateway servers (not shown) for securely receiving and transmitting data to and from the client 102, one or more electronic commerce website servers (not shown), and/or one or more payment processor authorization gateway servers (not shown).

Camera 102 may comprise any software and/or hardware suitably configured for acquiring data (e.g., one or more digital and/or analog images). Thus, camera 102 may comprise a digital camera, a digital video camera (e.g., a web-cam), an analog camera, an analog video camera, an infrared (IR) imaging device, a radar or sonar imaging device, a laser imaging device, and/or a radio frequency imaging device.

Client 104 may comprise any software and/or hardware suitably configured for sending and/or receiving data. Client 104 may include a personal computer such as a desktop, laptop computer, an iPad®, iMAC®, MacBook®, and/or any of a wide array of personal computing products. Client 104 may further comprise a kiosk, a terminal, a point of sale (POS) device, a television, a digital sign or banner, or any other device capable of sending and/or receiving data over a network. In an embodiment, client 104 may run Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, or any other of the myriad software packages available for browsing the Internet. Client 104 may further comprise a display, such as a liquid crystal display (LCD), or a plasma screen display. Client 104 may further comprise a digital sign or kiosk, such as a merchant digital sign or kiosk and/or a digital sign or kiosk such as one may encounter in a shopping mall and which is configured or configurable to display offers, advertisements, mall directories, and the like.

Server system 106 may comprise software and/or hardware suitably configured or configurable to receive and/or process data. Thus, server system 106 may comprise a rack mountable server appliance running a suitable server operating system (e.g., IIS) and having database software (e.g., Oracle) installed thereon. In addition, server system 106 may, in some embodiments, include one or more mobile gateway servers (not shown) for securely receiving and transmitting data to and from the client 104.

Network 108 may comprise software and/or hardware suitably configured or configurable to facilitate the transmission and reception of data. Thus, network 108 may comprise any of a variety of wired and/or wireless network architectures, including, for example, an RF network architecture such as a network associated with a wireless provider (e.g., a 3G or 4G network), a Wi-Fi network architecture (e.g., a home area or local area network), and/or a wired network architecture reliant upon one or more cables and/or trunk lines and/or optical fiber lines. Network 108 may comprise a combination of wired and wireless network types. Network 108 may further comprise any of a variety of network types, including a public network type, such as a “cloud” computing environment, like the Internet, a proprietary network, and/or a combination of both public and private network types.

Mobile device 110 may comprise any software and/or hardware configured or configurable to display an image. Mobile device 110 may comprise a personal digital assistant (“PDA”), a smart phone (e.g., an iPhone®, a Blackberry®, and the like), a cellular phone having a display, and/or any other similar device.

Referring now to FIGS. 2-6, the process flows and screenshots depicted are merely embodiments and are not intended to limit the scope of the invention as described herein. For example, the steps recited in any of the method or process descriptions may be executed in any order and are not limited to the order presented. It will be appreciated that the following description makes appropriate references not only to the steps and user interface elements depicted in FIGS. 2-6, but also to the various system components as described above with reference to FIG. 1.

With reference to FIG. 2, a transaction account activation process 200 is described. The transaction account activation process 200 may enable or facilitate certain of the gesture based methods described below. Accordingly, in an embodiment, an individual who has been approved for a new transaction account may visit by way of client 104 a transaction account issuer website (step 202). Server system 106 may generate, or facilitate the generation of, such a website, and client 104 may display the website. Website generation and display is very well known in the art and will not be described in greater detail here.

With continuing attention to FIG. 2, the individual, having gained access to the website, may securely establish, or verify, his identity (step 204) prior to activation of his account. An individual may verify his identity using a variety of methods. For example, an individual may hold a form of identification (ID) (such as his driver's license, passport, social security card, birth certificate, and/or any combination of these) such that an image of the ID is acquired or captured by camera 102.

An individual may also hold his likeness (e.g., transaction instrument and/or his mobile device 110) in view of camera 102. An individual's mobile device 110 and/or transaction instrument may display a variety of information, including an account code, a name, an expiration date, a quick response code (“QR code”), a bar code, and/or any other information that may be used to identify a transaction account and/or transaction instrument. Where an individual's mobile device 110 is used, a transaction account issuer may not be required to issue a plastic or tangible transaction instrument; this may save a transaction account issuer the substantial expense associated with issuing new and replacement tangible transaction instruments. Further, where a QR code, bar code, and/or other form of encoded data are used, the security of an individual's transaction account may be improved. That is, encoded data is much more difficult to memorize and/or copy than, for example, a simple account code. Thus, in an embodiment, an individual's transaction account may be protected by an encoded account identifier.

An individual's likeness may comprise any feature of the individual, data associated with the individual, biometric information, or any other information or device (transaction device, mobile device, etc.) tending to identify the individual. For example, an individual's likeness may comprise his facial patterns and/or characteristics. As used herein, a biometric may include a user's voice, fingerprint, facial, ear, signature, vascular patterns, DNA sampling, hand geometry, sound, olfactory, keystroke/typing, iris, retinal or any other biometric relating to recognition based upon any body part, function, system, attribute and/or other characteristic, or any portion thereof.

A biometric security system may include a biometric sensor that detects biometric samples and a device for verifying biometric samples. The biometric security system may be configured with one or more biometric scanners, processors and/or systems. The biometric system may include one or more technologies, or any portion thereof, that facilitates recognition of a biometric. For example, camera 102 (or another biometric reader, not shown) may scan or capture data and/or an image of the objects/likenesses presented. The captured image may be communicated to client 104 via a wired or wireless connection between the devices. Client 104 may communicate the captured image to server system 106 by way of network 108.

In an embodiment, server system 106 may communicate with an intelligence agency and/or government system (e.g., a police department system and/or department of motor vehicles (DMV) system) and/or another third party identity verification system (e.g., Experian®, TransUnion®, Equifax®, etc.) to verify that the captured image of the identification represents a valid identification. Server system 106 may further verify the individual's identity based upon a comparison of the individual's likeness to the image (or another biometric identifier) of the individual associated with the identification. If the individual's likeness matches an image or likeness associated with the identification, the individual's identity may be verified.

In an embodiment, camera 102 may transmit the captured image to server system 106, which may verify the individual's identity based upon one or more responses by the individual to “secret” questions, the answers to which the individual may have established during an account application process. In an embodiment, secret questions may be related to an individual's personal information, such as, for example, the individual's social security number or telephone number. Thus, server system 106 may use the captured image of the individual's transaction instrument, likeness, etc. to look up the individual's personal information (which the individual supplied during the account application process), and if the individual's responses to the secret questions are correct, the individual's identity may be satisfactorily verified. In an embodiment, an individual may simply enter an identifier associated with his transaction instrument by way of a keyboard (not shown) associated with client 104. If the individual's answers to the secret questions match the answers entered by the individual during the application process, the individual's identity may be satisfactorily verified, and the individual's account activated.

An individual may further associate or “pair” his likeness and/or a personal identification number (PIN), a digital signature, and/or a “secret” gesture with his transaction instrument and/or transaction account (step 206). As used herein, an individual's PIN, digital signature, and/or secret gesture may comprise “identifying information.” Likeness, as used herein, may comprise a biometric (as described above). An individual's likeness and/or identifying information may be paired before or after an individual has verified his identity. An individual may present to camera 102 his likeness. Where an individual's likeness cannot be captured with camera 102, the individual may present his likeness to any device capable of capturing and/or recording the likeness, e.g., a microphone (not shown) (for example, where the individual's likeness comprises a voiceprint), or any other type of biometric reader (e.g., a heartbeat sensor, fingerprint reader, or retinal scanner). An individual may further enter at client 104 a PIN, a digital signature, and/or a “secret” gesture, and each of these may be associated, or “paired,” by server system 106 with the individual's transaction account. In an example, a digital signature may comprise a signature entered at client 104 via an electronic signature pad or by moving a marker (see below) in the visual field of camera 102, as described below. A digital signature may further comprise an individual's name, initials, and/or any other spelling or shape that an individual wishes to select for himself. A secret gesture may comprise a gesture, motion, or series of motions known only to an individual (e.g., a “star” shape). A secret gesture may be entered by moving a marker in the visual field of camera 102, again, as described below.

Accordingly, server system 106 may pair a likeness and/or identifying information with an individual's transaction instrument and/or transaction account by storing a record of some or all of the individual's identifying information in a database (not shown) in association with an identifier associated with the individual's transaction instrument and/or an identifier associated with the individual's transaction account. The identifier associated with an individual's transaction instrument and/or transaction account may comprise an account code (see above), a QR code, a bar code, an image of the transaction instrument, and/or a combination of one or more of these. Thus, in simpler terms, server system 106 may record a data set comprising an identifier associated with an individual's transaction instrument and/or account and an individual's identifying information and/or likeness. In this way, an individual may be paired securely through his likeness and/or identifying information with his transaction instrument and/or account.

With reference now to FIG. 3, a process 300 whereby an individual may interact with a gesture-based system 100 via client 104 is described. In an embodiment, an individual may visit or “surf” to a gesture-based website (step 302) using client 104. In an embodiment, an individual may interact with a gesture-based application or program installed (as software or hardware) on client 104. An individual may interact with a gesture-based system 100 by holding a marker in view of camera 102. A marker may comprise, but is not limited to, a transaction instrument, and/or a mobile device 110 displaying a transaction instrument and/or transaction account information and/or an image. A marker may further comprise any object (e.g., a pen, pencil, hand, finger, and the like) that may be imaged by camera 102 (step 304).

Camera 102 may transmit, in real time or pseudo-real time (i.e., real time delayed by a processing interval), the image, and/or coordinates associated with the image, of the marker to client 106. Client 106 may, in turn, transmit the image and/or coordinates associated with the image to server system 106. In an embodiment, client 106 may process the motion of the marker in real time or pseudo-real time. Based upon the motion of the marker, client 106 may display an icon (e.g., a cursor), and the icon may move in real time or pseudo-real time in a motion corresponding or closely corresponding to the motion of the marker in space (step 306). In an embodiment, server system 106 may process the motion of the marker, in which case server 102 may instruct client 106 as to the proper motion of the icon. In both instances, the motion of the icon on the display of client 106 corresponds or closely corresponds to the motion of the marker in space (step 306). Thus, an individual may forgo his mouse (and potentially his keyboard) in favor of a marker. The individual may navigate a website by moving his marker in view of camera 102. As the individual's marker changes position in space, the icon displayed for the individual on the display of client 106 also moves. Thus, the individual is able to navigate a gesture-based website. An individual's marker may move in two dimensions and/or three dimensions, and the motion of the marker may be translated to two dimensional motion of an icon displayed by client 106. Similarly, the motion of the marker (again, in two dimensions or three dimensions) may be translated to apparent three dimensional motion of an icon displayed by client 106. Apparent three dimensional motion may comprise motion that appears three dimensional, although it may occur on a two dimensional display, for example, by rendering the icon such that it appears to move in three dimensions.

With reference to FIG. 4, a process 400 for logging into and/or completing a purchase via a gesture-based system 100 is described. To log into a gesture based system 100 and/or initiate a purchase by way of a gesture-based system 100, an individual may make a transaction request. Thus, a transaction request may indicate that an individual wishes to conduct a transaction (e.g., “checkout” or otherwise make a purchase). A transaction request may also indicate that an individual wishes to log into a system (e.g., gesture based system 100). In an embodiment, an individual may review the details of his transaction account (e.g., balance, amount due, date due, remittances, and the like) by way of a gesture based system 100.

An individual may accomplish or make a transaction request by moving his marker such that the icon displayed by client 104 moves “over” a “checkout,” “pay now,” “log in,” “sign in” or similar option displayed by his client 104. To be more specific, an individual may position his marker in three dimensional space (e.g., using his hand) such that one or more of the coordinates associated with the icon are in a range of coordinates that define the boundaries of the desired option displayed by client 104. An individual may select the option by shaking or tapping his marker in space, but of course, a variety of “double clicking” (i.e., twice or double pulsating) or similar motions signifying a desire to make a selection are within the scope of the present disclosure. A transaction request may be transmitted to server system 106 from client 104 as html or other web-based code, and server 106 may receive a transaction request by way of a secure (e.g., encrypted) or non-secure (e.g., unencrypted) connection.

In response to receiving a transaction request, client 104 and/or server 106 may prompt an individual to present his transaction instrument, his likeness and/or identifying information (step 402), and/or his mobile device 110 to camera 102 (or other biometric reader or data input device). For example, in an embodiment, an individual may be prompted by client 104 or server system 106 through client 106 to present both his transaction instrument as well as his likeness (e.g., his face) to camera 102 (and/or other card and/or other biometric reader). Camera 102 may capture an image of the individual's transaction instrument (whether it be tangible or displayed by mobile device 110) and likeness (step 404). Camera 102 may further transmit the captured image to client 104, which may convey the captured image to server system 106. Server system 106 may process or facilitate the processing of the requested transaction (step 406). For example, server system 106 may compare the captured image to a saved image of the individual's likeness and/or the individual's transaction instrument. Specifically, server system 106 may receive an identifier (e.g., an account code, QR code, and the like, as described more fully above) associated with the image of the individual's transaction instrument, where the identifier enables server system 106 to look up or otherwise retrieve the individual's paired transaction account. Having retrieved the individual's transaction account, server system 106 may further look up or retrieve a paired image of the individual's likeness, saved, for example, in a secure database coupled to server system 106. Server system 106 may compare the captured image of the individual's likeness to the saved/paired likeness, the results of which may be used to authenticate the individual to his transaction account and/or approve or deny the requested transaction.

Thus, for example, where the captured likeness of the individual matches the paired likeness, the individual may be authenticated to his transaction account, and the requested transaction may be approved. On the other hand, where the captured image does not match, or matches insufficiently, the individual may not be authenticated to his transaction account, and the requested transaction may be denied to prevent fraud on the merchant, transaction account issuer, and/or the individual. Server system 106 may transmit an authentication response to client 104. An authentication response may comprise any signal, message, instruction, set of messages or instructions and the like indicating that an individual has been authenticated or that an individual has not been authenticated. Thus, in an embodiment, an authentication response may indicate that an individual has been successfully authenticated and/or that a requested authentication has failed.

In an embodiment, an individual may not be required to present his transaction instrument for image capture. Rather, an individual may simply present his likeness for capture (step 402). In this regard, an individual may be authenticated based upon a single-factor (i.e., his likeness). In contrast, foregoing embodiments may require two-factor authentication, in which an individual is authenticated based upon a first factor (e.g., his likeness) as well as a second factor (e.g., an image of his transaction instrument, etc.). Based upon the individual's likeness, server system 106 may initiate a facial recognition (or other biometric authentication) process, whereby a database of saved valid (and perhaps even invalid) likenesses are compared to the likeness presented by the individual (steps 404 and 406). If a valid likeness matching the individual's likeness is returned or detected by the facial recognition (or other biometric authentication) process, the individual may be authenticated to his transaction account and the transaction account that is paired to the individual's likeness may be used to process the requested transaction (step 406). Thus, an individual may make a purchase, log in to his transaction account, and the like using the systems and methods disclosed herein simply by presenting his likeness to system 100.

In an embodiment, an individual may be authenticated to his transaction account based upon an image of his likeness and at least one of the data comprising his identifying information (i.e., his PIN, digital signature, and/or secret gesture). Thus, in an embodiment, an individual may not be required to present his transaction instrument (nor enter an account code) in order to be authenticated to his transaction account. Rather, an individual may present his likeness to camera 102 as described above in addition to at least one of his PIN, digital signature, and secret gesture. Having acquired each of these two authentication factors, server 106 may authenticate an individual to his transaction account.

As used herein, the term “enter” may be used interchangeably with the term “present,” although, in general, the term “present” may be used to refer to image/biometric capture or presentation of an image/biometric or object to camera 102, while the term “enter” may be used to refer to other non-biometric input techniques (e.g., mice, keyboards, etc.). In an exemplary embodiment, then, an individual may present his likeness as well as his secret gesture to camera 102. Server system 106 may retrieve the individual's saved identifying information based upon the likeness presented by the individual (i.e., by virtue of the fact that the two are paired by way of the individual's transaction account). Server system 106 may compare the individual's saved identifying information (e.g., a saved secret gesture) to the identifying information presented/entered by the individual (e.g., a presented secret gesture). If server system 106 determines that the saved identifying information matches the entered/presented identifying information, server system 106 may authenticate the individual to his transaction account.

In an embodiment, an individual may decline to present his likeness, or he may discover that his likeness has changed sufficiently (perhaps the individual has aged) to prevent a match between the likeness presented for capture by the individual and the likeness saved by server system 106. In either event, an individual may be authenticated to his transaction account based upon an image of his transaction instrument and/or an account code associated with his transaction instrument and his identifying information. An individual may enter and/or present some or all of his identifying information (step 404) through a variety of input devices (e.g., mice, keyboards, cameras, and the like). Thus, and as described elsewhere herein, an individual may enter his PIN via a keyboard and/or mouse, and an individual may enter a digital signature by way of a stylus and electronic signature pad. Likewise, in an embodiment, an individual may present any of his PIN, digital signature, and/or secret gesture using the gesture based systems and methods described elsewhere herein. For example, an individual may present his digital signature by moving his marker in space along a path that corresponds to his signature. Likewise, an individual may present his PIN by moving his marker in space such that the icon associated with his marker and displayed by client 104 overlaps an electronic PIN pad, which the individual may use to enter or present his PIN, one digit at a time.

Irrespective of the method by which an individual enters/presents his identifying information, server system 106 may retrieve the individual's saved identifying information using the image of the individual's transaction instrument and/or entered account code to locate and retrieve the identifying information that it is paired to. Server system 106 may further compare the entered and/or presented identifying information to the paired identifying information. Where the entered/presented identifying information matches the paired identifying information, server system 106 may authenticate the individual to his transaction account and approve the requested transaction (step 406). Server system 106 may approve (or deny) a transaction itself, or server system 106 may forward a transaction request to a payment processor or payment processing system (not shown), which may approve (or deny) the transaction in accordance with a payment processing logic. Where an individual's presented/entered identifying information does not sufficiently match the paired identifying information, server system 106 (or other payment processing system) may determine that the individual may be engaged in fraudulent activity, in which case, server system 106 may (after a number of attempts by the individual to successfully enter/present his identifying information) decline to authenticate the individual to his transaction account and/or deny the requested transaction and/or report the transaction instrument/account to the transaction account issuer for further investigation (step 406).
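The server-side decision described in the preceding paragraphs (retrieve the paired account from an account code, compare the presented likeness and/or identifying information with the paired values, and deny and report after repeated failures) can be sketched as follows. This is an added example, not code from the disclosure: the feature-vector likeness, the cosine-similarity matcher, the 0.90 threshold, the limit of three attempts and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass

MATCH_THRESHOLD = 0.90  # assumption: minimum similarity for a "sufficient" match
MAX_ATTEMPTS = 3        # assumption: the text only says "a number of attempts"


@dataclass
class Account:
    likeness: tuple          # saved/paired likeness, modelled as a feature vector
    salt: bytes
    secret_digest: bytes     # salted digest of the PIN or secret gesture
    failed_attempts: int = 0
    reported: bool = False   # flagged to the issuer for investigation


def digest_secret(secret: str, salt: bytes) -> bytes:
    """Store and compare a digest, never the PIN or gesture itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def similarity(a, b) -> float:
    """Cosine similarity; stands in for a real biometric matcher."""
    if not a or len(a) != len(b):
        return 0.0
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0


def enroll(likeness, secret: str) -> Account:
    """Pair a likeness and identifying information with a new account."""
    salt = os.urandom(16)
    return Account(tuple(likeness), salt, digest_secret(secret, salt))


def authenticate(accounts, account_code, likeness=None, secret=None) -> str:
    """Return the authentication response for one transaction request."""
    account = accounts.get(account_code)
    if account is None:
        return "DENIED"                      # same answer as a bad factor
    if account.failed_attempts >= MAX_ATTEMPTS:
        return "DENIED_REPORTED"             # locked until the issuer reviews
    if likeness is None and secret is None:
        return "DENIED"                      # an identifier alone proves nothing

    # Evaluate every presented factor; do not stop at the first failure.
    likeness_ok = (likeness is None
                   or similarity(likeness, account.likeness) >= MATCH_THRESHOLD)
    secret_ok = (secret is None
                 or hmac.compare_digest(digest_secret(secret, account.salt),
                                        account.secret_digest))
    if likeness_ok and secret_ok:
        account.failed_attempts = 0
        return "AUTHENTICATED"

    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.reported = True              # hand off for investigation
        return "DENIED_REPORTED"
    return "DENIED"


def demo():
    # Constructed sample data: one enrolled account and its captured inputs.
    accounts = {"ACCT-0001": enroll((0.12, 0.80, 0.55, 0.31), "4-7-1-9")}
    same_face = (0.13, 0.79, 0.56, 0.30)
    other_face = (0.90, 0.05, 0.10, 0.70)
    return [
        authenticate(accounts, "ACCT-0001", same_face, "4-7-1-9"),
        authenticate(accounts, "ACCT-0001", other_face, "4-7-1-9"),
        authenticate(accounts, "ACCT-0001", same_face, "0-0-0-0"),
        authenticate(accounts, "ACCT-0001", secret="1-1-1-1"),
        authenticate(accounts, "ACCT-0001", same_face, "4-7-1-9"),
    ]


if __name__ == "__main__":
    print(demo())
```

Once the attempt limit is reached, even correct factors are refused until the account is reviewed, which is why the last call in `demo()` is denied.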

With reference to FIG. 5, a process 500 through which an individual may receive special offers is described. In an embodiment, an individual may enter a merchant location (i.e., a store) and/or sit or stand in front of a client 104. There, the individual's likeness may be scanned (step 502) by a camera 102 (or other biometric reader). An individual's transaction instrument, PIN, digital signature, and/or secret gesture may also be captured (but these options require the participation of the individual). Further, an individual may allow his marker (e.g., his transaction instrument and/or mobile communication device) to be scanned. In each instance, server system 106 may look up the individual's transaction account information (step 504), whereupon server system 106 may determine that a variety of special offers or discounts exist, or may be generated, with reference to the individual (step 506). In some instances, server system 106 may require authentication of an individual prior to transmitting an offer to the individual (e.g., where the offer comprises or is based upon private and/or personal information of the individual, and/or where the offer is transmitted to a public client 104, such as a digital sign or kiosk). Likewise, on other occasions, server system 106 may transmit an offer to an individual prior to authentication of the individual (e.g., where the offer is not considered personal or sensitive, and/or where the offer is transmitted directly to the individual's mobile device 110 and/or private client (e.g., a personal computer) 104).

Server system 106 may therefore transmit one or more offers to the individual by way of client 104 and/or mobile device 110 (step 508). Each offer may be accompanied by a code or identifier which, in certain embodiments, the individual may use to redeem the offer (step 510). For example, where an individual possesses a mobile communication device (e.g., a smart phone), the individual may scan, photograph, or accept a code (e.g., a QR code or a barcode) associated with the offer. The individual's mobile communication device may handle the processing of the transaction completely apart from any of the merchant's payment processing systems, and the individual may simply pick up the purchased item at the merchant's register or service counter. Systems and methods for processing transactions based upon QR codes are described in U.S. application Ser. No. 13/023,915, filed Feb. 9, 2011, which is hereby incorporated by reference.

With continuing attention to FIG. 5, in certain instances, an individual may not have in his possession a mobile device 110. In these instances, the individual may redeem the advertised offer at a register or POS terminal. For example, an individual, seeing an offer in which he has interest, may purchase the offered item or redeem the offered discount at a merchant's payment counter by presenting his transaction instrument. Server system 106 may identify the offers that were displayed for the individual, each of which may be displayed for the individual by way of a payment display, POS terminal, or the like. The individual may select the desired offer at the payment counter, and the transaction may be processed using the individual's transaction instrument (step 508). In an embodiment, an individual may not be required to select the offer in which he is interested because, for example, the item the individual is purchasing is only associated with a single offer. In this circumstance, server system 106 may automatically process the individual's transaction in association with the offer (step 508).

With reference to FIG. 6, a process 600 for automatically populating a web-based form using the systems and methods described herein is disclosed. In an embodiment, an individual may encounter an online or web-based form into which he must enter certain personal data (e.g., social security number, name and address, etc.). The individual may, at this point, leverage the systems and methods described herein such that the form is automatically populated by server system 106, client 104, and/or mobile device 110. For example, the individual may present his likeness and/or transaction instrument and/or mobile device 110 to camera 102 (or other biometric scanner/reader) (step 602). As described above, camera 102 may capture the individual's likeness and/or transaction instrument and/or mobile device 110, and transmit this data to client 104 and/or directly to server system 106 (i.e., where camera 102 is integral to mobile device 110). Client 104 may relay the captured data to server system 106. Server system 106 may use the captured data to look up a variety of personal information associated with the individual (assuming the individual has been satisfactorily validated to his transaction account, as described above) (step 604). Server system 106 and/or client 104 may transfer the individual's personal information into the form, releasing the individual from the necessity of entering the data himself (step 606). Similarly, where an individual would like to enter information into a form by way of his mobile device 110, server system 106 and/or client 104 may transfer the individual's personal information to mobile device 110, which information mobile device 110 may use to populate the form. Systems and methods for automatically populating web-based forms are described in U.S. patent application Ser. No. 11/860,645, filed Sep. 25, 2007, which is hereby incorporated by reference.

In the detailed description herein, references to “one embodiment”, “an embodiment”, “an example embodiment”, etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. After reading the description, it will be apparent to one skilled in the relevant art(s) how to implement the disclosure in certain embodiments.

In various embodiments, the methods described herein are implemented using the various particular machines described herein. The methods described herein may be implemented using the particular machines, and those hereinafter developed, in any suitable combination, as would be appreciated immediately by one skilled in the art. Further, as is unambiguous from this disclosure, the methods described herein may result in various transformations of certain articles.

For the sake of brevity, conventional data networking, application development and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. Furthermore, the connecting lines shown in the various figures contained herein are intended to represent exemplary functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical system.

The various system components discussed herein may include one or more of the following: a host server or other computing systems including a processor for processing digital data; a memory coupled to the processor for storing digital data; an input digitizer coupled to the processor for inputting digital data; an application program stored in the memory and accessible by the processor for directing processing of digital data by the processor; a display device coupled to the processor and memory for displaying information derived from digital data processed by the processor; and a plurality of databases. Various databases used herein may include: client data; merchant data; financial institution data; and/or like data useful in the operation of the system. As those skilled in the art will appreciate, user computer may include an operating system (e.g., Windows NT, 95/98/2000, XP, Vista, OS2, UNIX, Linux, Solaris, MacOS, etc.) as well as various conventional support software and drivers typically associated with computers. A user may include any individual, business, entity, government organization, software and/or hardware that interact with a system.

A web client includes any device (e.g., personal computer) which communicates via any network, for example such as those discussed herein. Such browser applications comprise Internet browsing software installed within a computing unit or a system to conduct online transactions and/or communications. These computing units or systems may take the form of a computer or set of computers, although other types of computing units or systems may be used, including laptops, notebooks, hand held computers, personal digital assistants, set-top boxes, workstations, computer-servers, main frame computers, mini-computers, PC servers, pervasive computers, network sets of computers, personal computers, such as iPads, iMACs, and MacBooks, kiosks, terminals, point of sale (POS) devices and/or terminals, televisions, or any other device capable of receiving data over a network. A web-client may run Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, or any other of the myriad software packages available for browsing the internet.

Practitioners will appreciate that a web client may or may not be in direct contact with an application server. For example, a web client may access the services of an application server through another server and/or hardware component, which may have a direct or indirect connection to an Internet server. For example, a web client may communicate with an application server via a load balancer. In an exemplary embodiment, access is through a network or the Internet through a commercially-available web-browser software package.

As those skilled in the art will appreciate, a web client includes an operating system (e.g., Windows NT, 95/98/2000/CE/Mobile, OS2, UNIX, Linux, Solaris, MacOS, PalmOS, etc.) as well as various conventional support software and drivers typically associated with computers. A web client may include any suitable personal computer, network computer, workstation, personal digital assistant, cellular phone, smart phone, minicomputer, mainframe or the like. A web client can be in a home or business environment with access to a network. In an exemplary embodiment, access is through a network or the Internet through a commercially available web-browser software package. A web client may implement security protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). A web client may implement several application layer protocols including http, https, ftp, and sftp.

In an embodiment, various components, modules, and/or engines of system 100 may be implemented as micro-applications or micro-apps. Micro-apps are typically deployed in the context of a mobile operating system, including for example, a Palm mobile operating system, a Windows mobile operating system, an Android Operating System, Apple iOS, a Blackberry operating system and the like. The micro-app may be configured to leverage the resources of the larger operating system and associated hardware via a set of predetermined rules which govern the operations of various operating systems and hardware resources. For example, where a micro-app desires to communicate with a device or network other than the mobile device or mobile operating system, the micro-app may leverage the communication protocol of the operating system and associated device hardware under the predetermined rules of the mobile operating system. Moreover, where the micro-app desires an input from a user, the micro-app may be configured to request a response from the operating system which monitors various hardware components and then communicates a detected input from the hardware to the micro-app.

As used herein, the term “network” includes any electronic communications system or method which incorporates hardware and/or software components. Communication among the parties may be accomplished through any suitable communication channels, such as, for example, a telephone network, an extranet, an intranet, Internet, point of interaction device (point of sale device, personal digital assistant (e.g., iPhone®, Palm Pilot®, Blackberry®), cellular phone, kiosk, etc.), online communications, satellite communications, off-line communications, wireless communications, transponder communications, local area network (LAN), wide area network (WAN), virtual private network (VPN), networked or linked devices, keyboard, mouse and/or any suitable communication or data input modality. Moreover, although the system is frequently described herein as being implemented with TCP/IP communications protocols, the system may also be implemented using IPX, Appletalk, IP-6, NetBIOS, OSI, any tunneling protocol (e.g. IPsec, SSH), or any number of existing or future protocols. If the network is in the nature of a public network, such as the Internet, it may be advantageous to presume the network to be insecure and open to eavesdroppers. Specific information related to the protocols, standards, and application software utilized in connection with the Internet is generally known to those skilled in the art and, as such, need not be detailed herein. See, for example, DILIP NAIK, INTERNET STANDARDS AND PROTOCOLS (1998); JAVA 2 COMPLETE, various authors, (Sybex 1999); DEBORAH RAY AND ERIC RAY, MASTERING HTML 4.0 (1997); and LOSHIN, TCP/IP CLEARLY EXPLAINED (1997) and DAVID GOURLEY AND BRIAN TOTTY, HTTP, THE DEFINITIVE GUIDE (2002), the contents of which are hereby incorporated by reference.

The various system components may be independently, separately or collectively suitably coupled to the network via data links which includes, for example, a connection to an Internet Service Provider (ISP) over the local loop as is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods, see, e.g., GILBERT HELD, UNDERSTANDING DATA COMMUNICATIONS (1996), which is hereby incorporated by reference. It is noted that the network may be implemented as other types of networks, such as an interactive television (ITV) network. Moreover, the system contemplates the use, sale or distribution of any goods, services or information over any network having similar functionality described herein.

The system contemplates uses in association with web services, utility computing, pervasive and individualized computing, security and identity solutions, autonomic computing, cloud computing, commodity computing, mobility and wireless solutions, open source, biometrics, grid computing and/or mesh computing.

Any databases discussed herein may include relational, hierarchical, graphical, or object-oriented structure and/or any other database configurations. Common database products that may be used to implement the databases include DB2 by IBM (Armonk, N.Y.), various database products available from Oracle Corporation (Redwood Shores, Calif.), Microsoft Access or Microsoft SQL Server by Microsoft Corporation (Redmond, Wash.), MySQL by MySQL AB (Uppsala, Sweden), or any other suitable database product. Moreover, the databases may be organized in any suitable manner, for example, as data tables or lookup tables. Each record may be a single file, a series of files, a linked series of data fields or any other data structure. Association of certain data may be accomplished through any desired data association technique such as those known or practiced in the art. For example, the association may be accomplished either manually or automatically. Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, using a key field in the tables to speed searches, sequential searches through all the tables and files, sorting records in the file according to a known order to simplify lookup, and/or the like. The association step may be accomplished by a database merge function, for example, using a “key field” in pre-selected databases or data sectors. Various database tuning steps are contemplated to optimize database performance. For example, frequently used files such as indexes may be placed on separate file systems to reduce In/Out (“I/O”) bottlenecks.

More particularly, a “key field” partitions the database according to the high-level class of objects defined by the key field. For example, certain types of data may be designated as a key field in a plurality of related data tables and the data tables may then be linked on the basis of the type of data in the key field. The data corresponding to the key field in each of the linked data tables is preferably the same or of the same type. However, data tables having similar, though not identical, data in the key fields may also be linked by using AGREP, for example. In accordance with one embodiment, any suitable data storage technique may be utilized to store data without a standard format. Data sets may be stored using any suitable technique, including, for example, storing individual files using an ISO/IEC 7816-4 file structure; implementing a domain whereby a dedicated file is selected that exposes one or more elementary files containing one or more data sets; using data sets stored in individual files using a hierarchical filing system; data sets stored as records in a single file (including compression, SQL accessible, hashed via one or more keys, numeric, alphabetical by first tuple, etc.); Binary Large Object (BLOB); stored as ungrouped data elements encoded using ISO/IEC 7816-6 data elements; stored as ungrouped data elements encoded using ISO/IEC Abstract Syntax Notation (ASN.1) as in ISO/IEC 8824 and 8825; and/or other proprietary techniques that may include fractal compression methods, image compression methods, etc.

In one exemplary embodiment, the ability to store a wide variety of information in different formats is facilitated by storing the information as a BLOB. Thus, any binary information can be stored in a storage space associated with a data set. As discussed above, the binary information may be stored on the financial transaction instrument or external to but affiliated with the financial transaction instrument. The BLOB method may store data sets as ungrouped data elements formatted as a block of binary via a fixed memory offset using either fixed storage allocation, circular queue techniques, or best practices with respect to memory management (e.g., paged memory, least recently used, etc.). By using BLOB methods, the ability to store various data sets that have different formats facilitates the storage of data associated with the financial transaction instrument by multiple and unrelated owners of the data sets. For example, a first data set which may be stored may be provided by a first party, a second data set which may be stored may be provided by an unrelated second party, and yet a third data set which may be stored, may be provided by a third party unrelated to the first and second party. Each of these three exemplary data sets may contain different information that is stored using different data storage formats and/or techniques. Further, each data set may contain subsets of data that also may be distinct from other subsets.

As stated above, in various embodiments, the data can be stored without regard to a common format. However, in one exemplary embodiment, the data set (e.g., BLOB) may be annotated in a standard manner when provided for manipulating the data onto the financial transaction instrument. The annotation may comprise a short header, trailer, or other appropriate indicator related to each data set that is configured to convey information useful in managing the various data sets. For example, the annotation may be called a “condition header”, “header”, “trailer”, or “status”, herein, and may comprise an indication of the status of the data set or may include an identifier correlated to a specific issuer or owner of the data. In one example, the first three bytes of each data set BLOB may be configured or configurable to indicate the status of that particular data set; e.g., LOADED, INITIALIZED, READY, BLOCKED, REMOVABLE, or DELETED. Subsequent bytes of data may be used to indicate for example, the identity of the issuer, user, transaction/membership account identifier or the like. Each of these condition annotations is further discussed herein.

The data set annotation may also be used for other types of status information as well as various other purposes. For example, the data set annotation may include security information establishing access levels. The access levels may, for example, be configured to permit only certain individuals, levels of employees, companies, or other entities to access data sets, or to permit access to specific data sets based on the transaction, merchant, issuer, user or the like. Furthermore, the security information may restrict/permit only certain actions such as accessing, modifying, and/or deleting data sets. In one example, the data set annotation indicates that only the data set owner or the user are permitted to delete a data set, various identified users may be permitted to access the data set for reading, and others are altogether excluded from accessing the data set. However, other access restriction parameters may also be used allowing various entities to access a dataset with various permission levels as appropriate.
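The annotated data set described in the two preceding paragraphs (a three-byte status followed by issuer and user identifiers, with access levels deciding who may read or delete) can be sketched as a parser plus a permission check. This is an added example, not code from the disclosure: the byte layout, the three-letter status codes, the rule that BLOCKED and DELETED data sets refuse every action, and all names are assumptions.

```python
import struct
from dataclasses import dataclass

# Assumed encoding of the six status values named in the text (3 bytes each).
STATUSES = {b"LOD": "LOADED", b"INI": "INITIALIZED", b"RDY": "READY",
            b"BLK": "BLOCKED", b"REM": "REMOVABLE", b"DEL": "DELETED"}
HEADER_LEN = 12  # 3 status bytes + owner id (4) + user id (4) + reader count (1)


@dataclass(frozen=True)
class DataSet:
    status: str
    owner_id: int         # issuer/owner of the data set
    user_id: int          # holder of the transaction instrument
    readers: frozenset    # identified users permitted to read
    payload: bytes


def pack_data_set(code, owner_id, user_id, readers, payload) -> bytes:
    """Build an annotated BLOB in the assumed layout (big-endian fields)."""
    header = code + struct.pack(">IIB", owner_id, user_id, len(readers))
    return header + b"".join(struct.pack(">I", r) for r in readers) + payload


def parse_data_set(blob: bytes) -> DataSet:
    """Parse the annotation; reject anything malformed rather than guessing."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated annotation")
    status = STATUSES.get(blob[:3])
    if status is None:
        raise ValueError("unknown status code")
    owner_id, user_id, count = struct.unpack(">IIB", blob[3:HEADER_LEN])
    end = HEADER_LEN + 4 * count
    if len(blob) < end:
        raise ValueError("reader list runs past the end of the data set")
    readers = frozenset(struct.unpack(">%dI" % count, blob[HEADER_LEN:end]))
    return DataSet(status, owner_id, user_id, readers, blob[end:])


def is_permitted(ds: DataSet, actor_id: int, action: str) -> bool:
    """Owner or user may delete; listed readers may read; others get nothing."""
    if ds.status in ("BLOCKED", "DELETED"):
        return False                      # assumption: these refuse all actions
    privileged = actor_id in (ds.owner_id, ds.user_id)
    if action == "read":
        return privileged or actor_id in ds.readers
    if action == "delete":
        return privileged
    return False                          # unknown actions are denied


def demo():
    # Constructed sample: owner 1001, user 2002, one extra reader 3003.
    blob = pack_data_set(b"RDY", 1001, 2002, [3003], b"loyalty-points=120")
    ds = parse_data_set(blob)
    return {
        "status": ds.status,
        "reader_reads": is_permitted(ds, 3003, "read"),
        "reader_deletes": is_permitted(ds, 3003, "delete"),
        "owner_deletes": is_permitted(ds, 1001, "delete"),
        "stranger_reads": is_permitted(ds, 9999, "read"),
    }


if __name__ == "__main__":
    print(demo())
```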

The data, including the header or trailer may be received by a stand alone interaction device configured to add, delete, modify, or augment the data in accordance with the header or trailer. As such, in one embodiment, the header or trailer is not stored on the transaction device along with the associated issuer-owned data but instead the appropriate action may be taken by providing to the transaction instrument user at the stand alone device, the appropriate option for the action to be taken. The system may contemplate a data storage arrangement wherein the header or trailer, or header or trailer history, of the data is stored on the transaction instrument in relation to the appropriate data.

One skilled in the art will also appreciate that, for security reasons, any databases, systems, devices, servers or other components of the system may consist of any combination thereof at a single location or at multiple locations, wherein each database or system includes any of various suitable security features, such as firewalls, access codes, encryption, decryption, compression, decompression, and/or the like.

Encryption may be performed by way of any of the techniques now available in the art or which may become available—e.g., Twofish, RSA, El Gamal, Schnorr signature, DSA, PGP, PKI, and symmetric and asymmetric cryptosystems.

The computing unit of the web client may be further equipped with an Internet browser connected to the Internet or an intranet using standard dial-up, cable, DSL or any other Internet protocol known in the art. Transactions originating at a web client may pass through a firewall in order to prevent unauthorized access from users of other networks. Further, additional firewalls may be deployed between the varying components of CMS to further enhance security.

Firewall may include any hardware and/or software suitably configured to protect CMS components and/or enterprise computing resources from users of other networks. Further, a firewall may be configured to limit or restrict access to various systems and components behind the firewall for web clients connecting through a web server. Firewall may reside in varying configurations including Stateful Inspection, Proxy based, access control lists, and Packet Filtering among others. Firewall may be integrated within a web server or any other CMS components or may further reside as a separate entity. A firewall may implement network address translation (“NAT”) and/or network address port translation (“NAPT”). A firewall may accommodate various tunneling protocols to facilitate secure communications, such as those used in virtual private networking. A firewall may implement a demilitarized zone (“DMZ”) to facilitate communications with a public network such as the Internet. A firewall may be integrated as software within an Internet server, any other application server components or may reside within another computing device or may take the form of a standalone hardware component.

The computers discussed herein may provide a suitable website or other Internet-based graphical user interface which is accessible by users. In one embodiment, the Microsoft Internet Information Server (IIS), Microsoft Transaction Server (MTS), and Microsoft SQL Server, are used in conjunction with the Microsoft operating system, Microsoft NT web server software, a Microsoft SQL Server database system, and a Microsoft Commerce Server. Additionally, components such as Access or Microsoft SQL Server, Oracle, Sybase, Informix, MySQL, Interbase, etc., may be used to provide an Active Data Object (ADO) compliant database management system. In one embodiment, the Apache web server is used in conjunction with a Linux operating system, a MySQL database, and the Perl, PHP, and/or Python programming languages.

Any of the communications, inputs, storage, databases or displays discussed herein may be facilitated through a website having web pages. The term “web page” as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user. For example, a typical website might include, in addition to standard HTML documents, various forms, Java applets, JavaScript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), AJAX (Asynchronous Javascript And XML), helper applications, plug-ins, and the like. A server may include a web service that receives a request from a web server, the request including a URL (http://yahoo.com/stockquotes/ge) and an IP address (123.56.789.234). The web server retrieves the appropriate web pages and sends the data or applications for the web pages to the IP address. Web services are applications that are capable of interacting with other applications over a communications means, such as the internet. Web services are typically based on standards or protocols such as XML, SOAP, AJAX, WSDL and UDDI. Web services methods are well known in the art, and are covered in many standard texts. See, e.g., ALEX NGHIEM, IT WEB SERVICES: A ROADMAP FOR THE ENTERPRISE (2003), hereby incorporated by reference.

Middleware may include any hardware and/or software suitably configured to facilitate communications and/or process transactions between disparate computing systems. Middleware components are commercially available and known in the art. Middleware may be implemented through commercially available hardware and/or software, through custom hardware and/or software components, or through a combination thereof. Middleware may reside in a variety of configurations and may exist as a standalone system or may be a software component residing on the Internet server. Middleware may be configured to process transactions between the various components of an application server and any number of internal or external systems for any of the purposes disclosed herein. WebSphere MQ™ (formerly MQSeries) by IBM, Inc. (Armonk, N.Y.) is an example of a commercially available middleware product. An Enterprise Service Bus (“ESB”) application is another example of middleware.

Practitioners will also appreciate that there are a number of methods for displaying data within a browser-based document. Data may be represented as standard text or within a fixed list, scrollable list, drop-down list, editable text field, fixed text field, pop-up window, and the like. Likewise, there are a number of methods available for modifying data in a web page such as, for example, free text entry using a keyboard, selection of menu items, check boxes, option boxes, and the like.

The system and method may be described herein in terms of functional block components, screen shots, optional selections and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the system may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, look-up tables, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices. Similarly, the software elements of the system may be implemented with any programming or scripting language such as C, C++, C#, Java, JavaScript, VBScript, Macromedia Cold Fusion, COBOL, Microsoft Active Server Pages, assembly, PERL, PHP, awk, Python, Visual Basic, SQL Stored Procedures, PL/SQL, any UNIX shell script, and extensible markup language (XML) with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements. Further, it should be noted that the system may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like. Still further, the system could be used to detect or prevent security issues with a client-side scripting language, such as JavaScript, VBScript or the like. For a basic introduction of cryptography and network security, see any of the following references: (1) “Applied Cryptography: Protocols, Algorithms, And Source Code In C,” by Bruce Schneier, published by John Wiley & Sons (second edition, 1995); (2) “Java Cryptography” by Jonathan Knudsen, published by O'Reilly & Associates (1998); (3) “Cryptography & Network Security: Principles & Practice” by William Stallings, published by Prentice Hall; all of which are hereby incorporated by reference.

As used herein, the term “end user”, “consumer”, “customer”, “cardmember”, “business” or “merchant” may be used interchangeably with each other, and each shall mean any person, entity, machine, hardware, software or business. A bank may be part of the system, but the bank may represent other types of card issuing institutions, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions. It is further noted that other participants may be involved in some phases of the transaction, such as an intermediary settlement institution, but these participants are not shown.

Each participant is equipped with a computing device in order to interact with the system and facilitate online commerce transactions. The customer has a computing unit in the form of a personal computer, although other types of computing units may be used including laptops, notebooks, hand held computers, set-top boxes, cellular telephones, touch-tone telephones and the like. The merchant has a computing unit implemented in the form of a computer-server, although other implementations are contemplated by the system. The bank has a computing center shown as a main frame computer. However, the bank computing center may be implemented in other forms, such as a mini-computer, a PC server, a network of computers located in the same or different geographic locations, or the like. Moreover, the system contemplates the use, sale or distribution of any goods, services or information over any network having similar functionality described herein.

The merchant computer and the bank computer may be interconnected via a second network, referred to as a payment network. The payment network which may be part of certain transactions represents existing proprietary networks that presently accommodate transactions for credit cards, debit cards, and other types of financial/banking cards. The payment network is a closed network that is assumed to be secure from eavesdroppers. Exemplary transaction networks may include the American Express®, VisaNet® and the Veriphone® networks. The electronic commerce system may be implemented at the customer and issuing bank. In an exemplary implementation, the electronic commerce system is implemented as computer software modules loaded onto the customer computer and the banking computing center. The merchant computer does not require any additional software to participate in the online commerce transactions supported by the online commerce system.

As will be appreciated by one of ordinary skill in the art, the system may be embodied as a customization of an existing system, an add-on product, upgraded software, a stand alone system, a distributed system, a method, a data processing system, a device for data processing, and/or a computer program product. Accordingly, the system may take the form of an entirely software embodiment, an entirely hardware embodiment, or an embodiment combining aspects of both software and hardware. Furthermore, the system may take the form of a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any suitable computer-readable storage medium may be utilized, including hard disks, CD-ROM, optical storage devices, magnetic storage devices, and/or the like.

The system and method is described herein with reference to screen shots, block diagrams and flowchart illustrations of methods, apparatus (e.g., systems), and computer program products according to various embodiments. It will be understood that each functional block of the block diagrams and the flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by computer program instructions.

These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions that execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions, and program instruction means for performing the specified functions. It will also be understood that each functional block of the block diagrams and flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, can be implemented by either special purpose hardware-based computer systems which perform the specified functions or steps, or suitable combinations of special purpose hardware and computer instructions. Further, illustrations of the process flows and the descriptions thereof may make reference to user windows, webpages, websites, web forms, prompts, etc. Practitioners will appreciate that the illustrated steps described herein may comprise any number of configurations including the use of windows, webpages, web forms, popup windows, prompts and the like. It should be further appreciated that the multiple steps as illustrated and described may be combined into single webpages and/or windows but have been expanded for the sake of simplicity. In other cases, steps illustrated and described as single process steps may be separated into multiple webpages and/or windows but have been combined for simplicity.

Benefits, other advantages, and solutions to problems have been described herein with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any elements that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as critical, required, or essential features or elements of the invention. The scope of the invention is accordingly to be limited by nothing other than the appended claims, in which reference to an element in the singular is not intended to mean “one and only one” unless explicitly so stated, but rather “one or more.” Moreover, where a phrase similar to ‘at least one of A, B, and C’ or ‘at least one of A, B, or C’ is used in the claims or specification, it is intended that the phrase be interpreted to mean that A alone may be present in an embodiment, B alone may be present in an embodiment, C alone may be present in an embodiment, or that any combination of the elements A, B and C may be present in a single embodiment; for example, A and B, A and C, B and C, or A and B and C. Although the invention has been described as a method, it is contemplated that it may be embodied as computer program instructions on a tangible computer-readable carrier, such as a magnetic or optical memory or a magnetic or optical disk. All structural, chemical, and functional equivalents to the elements of the above-described exemplary embodiments that are known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the present claims. Moreover, it is not necessary for a device or method to address each and every problem sought to be solved by the present invention, for it to be encompassed by the present claims. Furthermore, no element, component, or method step in the present disclosure is intended to be dedicated to the public regardless of whether the element, component, or method step is explicitly recited in the claims. No claim element herein is to be construed under the provisions of 35 U.S.C. 112, sixth paragraph, unless the element is expressly recited using the phrase “means for.” As used herein, the terms “comprises”, “comprising”, or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

1. A method comprising: receiving, by a computer-based system for gesture-based interaction, an image of a likeness associated with an individual; receiving, by the computer-based system, a secret gesture of the individual; authenticating, by the computer-based system, the individual to a transaction account based upon the image of the likeness associated with the individual and the secret gesture of the individual.

2. The method of claim 1, wherein the receiving a secret gesture of the individual comprises receiving, by the computer-based system, a plurality of images of a marker.

3. The method of claim 2, wherein a marker comprises at least one of: a pen, a pencil, a finger, and a hand.

4. The method of claim 2, wherein a marker comprises at least one of: a mobile device and a transaction instrument.

5. The method of claim 4, wherein the mobile communication device displays at least one of: an image of a transaction instrument, a transaction account identifier, a QR code, and a bar code.

6. The method of claim 2, wherein the authenticating comprises: retrieving, by the computer-based system and based upon the image of the likeness, a secret gesture paired to the transaction account; comparing, by the computer-based system, the secret gesture of the individual to the secret gesture paired to the transaction account; and determining, by the computer-based system, that the secret gesture of the individual matches the secret gesture paired to the transaction account.

7. The method of claim 1, further comprising receiving, by the computer-based system, at least one of: a personal identification number (PIN) and a digital signature.

8. The method of claim 1, wherein the authenticating comprises: receiving, by the computer-based system, at least one of a personal identification number (PIN) and a digital signature associated with an individual; retrieving, by the computer-based system and based upon the image of the likeness, at least one of a PIN and a digital signature paired to the transaction account; comparing, by the computer-based system, at least one of the PIN and the digital signature associated with the individual to at least one of the PIN and the digital signature paired to the transaction account; and determining, by the computer-based system, that at least one of the PIN and the digital signature associated with the individual match at least one of the PIN and the digital signature paired to the transaction account.

9. The method of claim 1, further comprising pairing, by the computer-based system, the image of the likeness with the transaction account.

10. The method of claim 1, further comprising pairing, by the computer-based system, at least one of: a personal identification number (PIN), a digital signature, and the secret gesture with the transaction account.

11. The method of claim 1, further comprising approving, by the computer-based system, a transaction request based upon the transaction account.

12. The method of claim 1, further comprising transmitting, by the computer-based system, an offer to a client based upon the likeness.

13. The method of claim 1, further comprising: receiving, by the computer-based system, at least one of a digital signature and a personal identification number (PIN); and transmitting, by the computer-based system, an offer to a client based upon the at least one of the secret gesture, the digital signature, and the PIN.

14. The method of claim 1, further comprising pairing, by the computer-based system, the transaction account with the image of the likeness by: receiving, by the computer-based system, an answer to a secret question associated with the transaction account; comparing, by the computer-based system, the answer to the secret question to a saved answer to the secret question; and validating, by the computer-based system, the identity of the individual based upon the comparing.

15. The method of claim 1, further comprising populating, by the computer-based system, an online form in response to receiving the image of the likeness.

16. The method of claim 1, further comprising rendering, by the computer-based system and on a client display, an icon associated with a marker in two dimensional space in response to a location of the marker in three dimensional space.

17. The method of claim 1 further comprising receiving, by the computer-based system, a transaction request based upon a motion of a marker in three dimensional space.

18. The method of claim 1, further comprising transmitting, by the computer-based system and to a client, two dimensional coordinates in response to a location of a marker in three dimensional space and html code associated with a website.

19. The method of claim 1, wherein the likeness comprises biometric information.

20. The method of claim 1, further comprising receiving, by the computer-based system, an offer redemption request.

21. An article of manufacture including a non-transitory, tangible computer readable medium having instructions stored thereon that, in response to execution by a computer-based system for gesture-based interaction, cause the computer-based system to perform operations comprising: receiving, by the computer-based system, an image of a likeness associated with an individual; receiving, by the computer-based system, a secret gesture of the individual; authenticating, by the computer-based system, the individual to a transaction account based upon the image of the likeness associated with the individual and the secret gesture of the individual.

22. A system comprising: a tangible, non-transitory memory communicating with a processor for gesture-based interaction, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising: receiving, by the processor, an image of a likeness associated with an individual; receiving, by the processor, a secret gesture of the individual; authenticating, by the processor, the individual to a transaction account based upon the image of the likeness associated with the individual and the secret gesture of the individual.
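
The retrieve, compare and determine steps of claim 6 can be illustrated as follows. This is an added example, not code from the patent: it assumes an upstream likeness matcher has already resolved the image to an identifier, and the path normalization, distance threshold, failure limit and every name used are assumptions of the example.

```python
import math

def resample(path, n=16):
    """Resample a 3D marker path to n points evenly spaced along its length."""
    seg = [math.dist(a, b) for a, b in zip(path, path[1:])]
    total = sum(seg)
    if total == 0:
        raise ValueError("gesture contains no motion")
    out, i, walked = [], 0, 0.0
    for k in range(n):
        target = total * k / (n - 1)
        while i < len(seg) - 1 and walked + seg[i] < target:
            walked += seg[i]
            i += 1
        t = min(max((target - walked) / seg[i], 0.0), 1.0) if seg[i] else 0.0
        a, b = path[i], path[i + 1]
        out.append(tuple(a[d] + t * (b[d] - a[d]) for d in range(3)))
    return out

def normalize(path, n=16):
    """Remove position and size so only the shape of the gesture remains."""
    pts = resample(path, n)
    centre = [sum(p[d] for p in pts) / n for d in range(3)]
    pts = [tuple(p[d] - centre[d] for d in range(3)) for p in pts]
    scale = max(math.hypot(*p) for p in pts)
    if scale == 0:
        raise ValueError("gesture collapses to a single point")
    return [tuple(v / scale for v in p) for p in pts]

def gesture_distance(a, b):
    """Mean point-to-point distance between two normalized paths."""
    return sum(math.dist(p, q) for p, q in zip(a, b)) / len(a)

class GestureAuthenticator:
    def __init__(self, threshold=0.15, max_failures=3):  # assumed policy values
        self.threshold = threshold
        self.max_failures = max_failures
        self._pairings = {}   # likeness_id -> (account_id, gesture template)
        self._failures = {}   # likeness_id -> consecutive failed attempts

    def pair(self, likeness_id, account_id, gesture_path):
        self._pairings[likeness_id] = (account_id, normalize(gesture_path))
        self._failures[likeness_id] = 0

    def authenticate(self, likeness_id, gesture_path):
        """Return the paired account id on a match, otherwise None."""
        record = self._pairings.get(likeness_id)
        if record is None or self._failures[likeness_id] >= self.max_failures:
            return None  # unknown likeness, or locked after repeated failures
        account_id, template = record
        try:
            matched = gesture_distance(normalize(gesture_path), template) <= self.threshold
        except ValueError:
            matched = False  # a degenerate gesture counts as a failed attempt
        self._failures[likeness_id] = 0 if matched else self._failures[likeness_id] + 1
        return account_id if matched else None

# Constructed sample paths (x, y, z): an "L" stroke, the same stroke drawn
# larger, elsewhere and slightly unsteadily, and a mirrored stroke.
ENROLLED = [(0, 0, 0), (0, 1, 0), (0, 2, 0), (1, 2, 0), (2, 2, 0)]
SAME_MOVED = [(5, 5, 1), (5.1, 7, 1), (5, 9, 1), (7, 9.1, 1), (9, 9, 1)]
DIFFERENT = [(0, 0, 0), (1, 0, 0), (2, 0, 0), (2, 1, 0), (2, 2, 0)]
```

Because two performances of a gesture never coincide exactly, the stored template has to remain comparable rather than hashed like a password, so it needs the same protection as other biometric reference data.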